What Is the Difference Between an Audit and an Attestation?

What Is the Difference Between an Audit and an Attestation?

Many businesses contract the services of an accounting firm to audit and attest to their financials. Although this process is time-consuming and often expensive, it is sometimes necessary to verify that the monetary information is authentic and accurate.

Some individuals and families employ accountants or firms to provide similar services for their personal financial records.

How do you know if an audit or attestation is necessary for your finances? Do you need both services, or is only one of them needed?

What Is the Difference Between an Audit and an Attestation?

An audit is performed to discover information. It can uncover risks or compliance issues that might not have been known or understood. An attestation evaluates and reviews the authenticity of the data when it is compared to its stated purpose, internal controls, or systemic collection.

An audit can be an evaluation or an investigation. It reviews a specific aspect of the organization and doesn’t need to include the finances. Auditors gather information to spot weaknesses in operational controls, uncover dangers, or find risks that impact the overall security of an organization or personal situation.

Audits can involve accounting, compliance, policy, operational, or procedural data. Although they are commonly held to determine the financial well-being of individuals and organizations, they can also review non-financial aspects of any operation.

They’re designed to provide an unbiased evaluation of the information to find gaps, security problems, or issues with the policies and procedures already in place.

Once this information is collected, a report is created and given to the appropriate individuals to evaluate the issues that require attention. Audits can be internal, often performed by managers, supervisors, or directors. They can also be external, with services provided by a third-party firm.

What Is an Attestation?

Certified public accountants (CPAs) can perform an attestation for an organization with an audit or offer it as a separate service.

Attestations take the data gathered to check its validity. The definitions for what is appropriate or not come from previously agreed-upon procedural definitions and engagements.

Organizations can request this service when reviewing compliance needs or procedures. It’s also common to see it with reviews of internal control functions, financial forecasting, and long-term projections. Once gathered, an evaluation occurs to see how true the information is when compared to stated purposes, controls, or systems.

Why Are Attestations Necessary?

Attestation is like having a witness testify to the authenticity of the information being reviewed. Imagine that you’re getting ready to move your family to a foreign country. You’d need to have documents like passports and birth certificates to ensure you could get through customs.

If the document doesn’t offer the information required for entry, you could be turned away.

An audit helps to find information and understand why it exists. Attestation offers authenticity to its validity.

You can’t print a birth certificate from your home printer to help your child gain entry to a foreign country. The document must be issued through a verified process from your home state. Even if you receive a similar copy from the hospital, it doesn’t have the same power as one issued by the government.

You can’t create a driver’s license at home that officially authorizes you to legally operate a vehicle. Attestation would look at that ID, see that it is fake, and make recommendations based on that finding.

Businesses face a similar issue with compliance. If the documents generated to show that a company follows the rules don’t offer the correct data, there could be several potential consequences, including ceasing operations.

Most attestation processes require submission of the original document or data, along with a copy of the same, to the authorized parties who verify or sign off on the information.

When Would an Audit Be Necessary for a Business?

A financial statement audit is a service typically contracted to an independent CPA or public accounting firm. It is a third-party service that examines financial transactions and records to ensure no conflicts of interest exist.

Independence is often necessary when conducting an audit to ensure the integrity of the information.

An audit is often mandated or initiated by a company’s shareholders or stakeholders. The goal of this work is to protect the business from non-representative or fraudulent financial claims.

Most auditors are responsible for the following items when completing their duties.

  1. Analyzing the processes and procedures of the company to ensure operations comply with local, state, and national rules.
  2. Examining the financial statements, and any related data, to determine if the recordkeeping processes are accurate.
  3. Evaluating the company’s assets for proper valuation or potential impairment.
  4. Ensuring that the organization or individual is complying with all applicable tax codes, laws, and regulations.
  5. Determining the financial liabilities related to taxes, accounts receivable, accounts payable, and any other designated categories.

There are several reasons why an audit would be appropriate, even for private companies. Some venture investors might want to see this information, including a full disclosure of a firm’s financial statements, through a third-party lens to ensure the validity of an opportunity.

Some banks can mandate an audit of business financials as a requirement to maintain an account. There are often size minimums and other factors that play a role in this decision, but every company (including nonprofits) should be ready for such a request.

Businesses that plan to be sold or go public could need three years of financial statements audited before the process can proceed.

When a company reaches about $1 million in annual revenue, it is a good idea to consider initiating an audit. If the authenticity of the information is required for the outcome, attestation should be part of that process.

How Can I Tell If I’m Getting a Good Audit?

Several financial scandals rocked the American economy in the early 2000s. Because of those issues, President George W. Bush signed the Sarbanes-Oxley Act of 2002 into law. This legislation addresses the need for corporate liability.

The act placed legal constraints on business executives while offering expanded protection to whistleblowers.

It also required more federal oversight for the accounting industry by creating a regulatory board, which was given broad powers to stop corruption, to monitor firms providing auditing and attestation work. The goal was to halt low standards and false profits.

Unfortunately, the idealism in the legislation outpaced the reality of humans who audit and attest information in this industry.

There’s a problem of unconscious bias found in the accounting industry. Conscious corruption can be deterred by mandating a lengthy prison sentence, but the issue is that people make choices based on several factors that aren’t consistently recognized.

A person’s desires provide a powerful influence on how information gets interpreted. Even when someone consciously tries to be impartial and objective, they don’t always succeed. If we’re motivated to reach a specific conclusion, we’ll find a way to get there.

That’s why, if you ask the average person, they’ll tell you that they have intelligent children, incredible driving skills, and stock-picking habits that always outperform the market. It doesn’t matter if there is clear evidence that suggests otherwise. We scrutinize and discount facts that seem contrary to the conclusions we hope to achieve.

Many people don’t realize this evaluation process occurs, which means there is no awareness of the skewed processing. Attestation from third-party sources can temper this fact, but it doesn’t eliminate our ingrained human reactions to information we don’t want to see.

It is fair to say that an attestation is also an audit, but one that comes with an opinion.

What Are Some Examples of Attestation Services?

An attestation should provide assurance. These engagements include historical or future performance, compliance, financial data, physical characteristics, and other forms.

Here is a closer look at some examples where an attestation service makes sense to employ.

Attestation ServiceReason Why This Attestation Service Is Helpful
Compliance NeedsWith this service, attestation reviews the definition of compliance as it relates to internal controls or specific requirements. It determines if the business or individual operates within the stated requirements. Should discrepancies be found, the auditing process can offer opinions on how to correct that situation.
Agreed-upon ProceduresThese procedures dictate how processes are completed within the organizational umbrella. Attestation reviews and authenticates whether those being studied have met laws, rules, or internal policies.
Service OrganizationAttestation services in this category look at the opportunities a business provides, ranging from data storage to payroll. Anything that could impact a client’s controls over reporting would be covered in this area. The objective is to generate evidence that offers assurance that the published descriptions are accurate.
Prospective StatementsThe objective of this service is to obtain reasonable assurance that the information is presented in accordance with relevant rules, regulations, or expectations. Even if the financial statements cover partially-expired periods, the data can still be verified to ensure conclusions are correctly drawn.
MD&AThis option provides assurances that an executive team’s discussions or analysis comply with regulations when offered to stakeholders or shareholders. The objective is to gather evidence to determine if all the required elements are included in the data presented to the public.

Attestation provides a company with more possibilities to gain assurance and authentication over several topics. Since audits typically focus on historical financial statements, you receive a clearer picture of what is happening so that adjustments can be made if they’re necessary.

How Long Does an Audit or Attestation Last?

The length of time an audit or attestation report is valid depends on several factors. Some reports only provide users with assurance that information was available or in place at the time the audit took place.

Other attestation reports offer assurance that specific controls were designed or implemented over a particular period of time.

When this information is relayed in a bridge letter, it is typically accepted as valid until it is a year old. At that time, a new attestation is necessary.

If an audit doesn’t turn up anything unusual, most businesses can manage having this task repeated every two to three years. For companies that earn less than $100,000 per year, the cost of an outside audit might not be worth the expense.

Do I Need an Audit or an Attestation?

The purpose of an audit or an attestation is to provide assurance. It reviews specific information points to ensure they meet or exceed the standards required for a particular situation. From financials to agreed-upon procedures, the goal is to verify a set of standards that meet governing standards.

Audits are a necessary headache. I’m on the board of a local nonprofit in our community that provides sports instruction and coaching services, and we recently had to go through this process due to issues of fraud.

The problem involved an authorized party purchasing items, but then sending through receipts that didn’t reflect the payments issued in return. Imagine spending $12 for a $10 hammer or $40 for a $25 ball – that kind of thing.

We hired attestation services to ensure the documents we had were authentic, which were then presented in court to prove the unauthorized behavior. Without that verification, it was unlikely that we’d make our case and recover our missing funds.

After the events were over, we had another third-party firm run a separate audit to ensure we had our overall financials in order. It was a process that took nearly six months to complete.

Although the cost and time commitments can be significant, audits and attestations are often worth the investment.

Legal Disclaimer

The information provided on www.CalmCFO.com, in webinars and accompanying material is for entertainment and informational purposes only. It should not be considered legal, tax, investment, or financial advice. You should consult with a licensed attorney, CPA or other professional to determine what may be best for your individual needs.

www.CalmCFO.com does not make any guarantee or another promise as to any results that may be obtained from using our content. No one should make any investment decision without first consulting his or her own financial advisor and conducting his or her own research and due diligence. To the maximum extent permitted by law, the owner of www.CalmCFO.com disclaims any and all liability in the event any information, commentary, analysis, opinions, advice and/or recommendations prove to be inaccurate, incomplete or unreliable, or result in any investment or other losses.

Content contained on or made available through the website is not intended to and does not constitute legal advice or investment advice and no attorney-client relationship is formed. Your use of the information on the website or materials linked from the Web is at your own risk.

www.CalmCFO.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for websites to earn advertising fees by advertising and linking to Amazon.com